
REMARKS 

The Examiner is thanked for performing a thorough search. In this reply, no claims have been 
added, amended, or canceled. Claims 1-28 are pending in the application. 

SUMMARY OF THE REJECTIONS 

Claims 1, 5-8, 10-13, 15-17, 21-24, and 26-28 were rejected under 35 U.S.C. §102(e) as 
being anticipated, allegedly, by U.S. Patent No. 6,678,835 to Shah et al. ("Shah"). 

Claims 2-4, 9, 14, 18-20, and 25 were rejected under 35 U.S.C. §103(a) as being 
unpatentable, allegedly, over Shah in view of U.S. Patent No. 6,678,827 to Rothermel et al. 
("Rothermel"). 

THE REJECTIONS BASED ON THE PRIOR ART 

The rejections of Claims 1, 5-8, 10-13, 15-17, 21-24, and 26-28 under 35 U.S.C. §102(e) and 
the rejections of Claims 2-4, 9, 14, 18-20, and 25 under 35 U.S.C. §103(a) are traversed at least for 
the reasons discussed below. 

Claims 1. 5-8, 10-13, 15-17, 21-24, and 26-28 

Claim 1 recites, among other features, "sending one or more configuration instructions from 
the management source to each of the one or more sets of security devices using an order that is 
determined based on the one or more configuration dependencies, resulting in implementing the 
security policy on the network." Thus, Claim 1 requires that the order in which the configuration 
instructions are sent to the sets of security devices must be based on conflguration dependencies. 
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The term "configuration dependency" is defined in paragraph [0024] of the specification. The term 
"configuration dependency" means that the configuration of one security device is dependent on 
another security device being configured or not configured. Claim 1 must be interpreted in Ught of 
this definition. 

The portions of Shah cited by the Office Action as allegedly disclosing this feature of Claim 
1 fail to do so. The Office Action alleges that cols. 19-21 of Shah disclose this feature. Although 
this section of Shah refers to LD AP directory entries that are arranged in a tree structure that follows 
a geographic and organizational distribution, there is no teaching or suggestion in Shah that the order 
in which LDAP changes are propagated to poUcy enforcers is based in any way on the organization 
of the entries in the LDAP directory. Additionally, there is no teaching or suggestion in Shah that 
the organization of the entries in the LDAP directory in any way indicates configuration 
dependencies between policy enforcers. 

According to FIG. 25 of Shah, in step 434, changes to an LDAP directory are transmitted to 
policy enforcers for storage in those poUcy enforcers' databases. There is no discussion of the order 
in which the changes are transmitted to the policy enforcers. Apparently, the order in which the 
changes are transmitted to the policy enforcers is entirely irrelevant. There is no discussion of 
changes being transmitted to a first policy enforcer before being transmitted to a second policy 
enforcer due to the second policy enforcer having a configuration dependency relative to the first 
policy enforcer. There is also no teaching or suggestion that the ability of one policy server to store 
these changes in that policy enforcer's database would ever depend on whether such changes already 
had been stored in another policy enforcer's database. There is absolutely no discussion of 
configuration dependencies in Shah. 
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In Shah, the order in which LDAP changes are transmitted from policy server 122 to policy 
enforcers 124 and 126 does not matter at all If the LDAP changes are transmitted to policy enforcer 
124 before they are transmitted to policy enforcer 126, this will not prevent policy enforcer 126 from 
receiving the changes and storing the changes in database 134. Conversely, if the LDAP changes are 
transmitted to policy enforcer 126 before they are transmitted to policy enforcer 124, this will not 
prevent policy enforcer 124 from receiving the changes and storing the changes in database 132. 
Shah is entirely bereft of the idea of configuration dependencies in any form. Even if policy 
enforcers 124 and 126 are considered to be "configured" by policy server 122, the order in which 
they are "configured" makes absolutely no difference whatsoever. At the very least, there is no 
teaching or suggestion anywhere in Shah that the order makes any difference, or even that the 
configuration is done in any specified or determined order at all. 

Thus, there is at least one feature of Claim 1 that the cited portions of Shah fail to disclose. 
For at least the reasons discussed above, it is respectfiiUy submitted that Claim 1 is patentable over 
Shah. 

Claims 5-8 and 10 depend from Claim 1 and therefore include the features of Claim 1 that 
are distinguished from Shah above. Therefore, for at least the reasons discussed above with relation 
to Claim 1, it is respectfiiUy submitted that Claims 5-8 and 10 are patentable over Shah. 

Claims 17, 21-24, and 26 recite computer-readable media that carry instructions that cause 
processors to perform the steps of Claims 1, 5-8, and 10, respectively. Therefore, for at least the 
reasons discussed above with relation to Claims 1, 5-8, and 10, it is respectfiiUy submitted that 
Claims 17, 21-24, and 26 are patentable over Shah. 
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Claim 27 recites a computer system that comprises means for performing the steps of Claim 
1. Therefore, for at least the reasons discussed above with relation to Claim 1, it is respectfully 
submitted that Claim 27 is patentable over Shah. 

Claim 28 recites a device that comprises a processor that is configured to perform the steps of 
Claim 1. Therefore, for at least the reasons discussed above with relation to Claim 1, it is 
respectfully submitted that Claim 28 is patentable over Shah. 

Claim 1 1 is not identical to Claim 1. However, Claim 1 1 specifically recites, "each 
configuration dependency corresponding to at least a first security device having to be 
configured before a second security device is configured in order for the first security device to 
receive its own configuration instructions for implementing the security policy firom a 
management source." As is discussed above with reference to Claim 1, Shah lacks any notion of 
configuration dependencies. Shah lacks any notion that the order in which LDAP directory changes 
are transmitted to or stored by policy enforcers matters or is considered in any way. Even if one 
policy server receives LDAP changes before another poUcy server does, it will not prevent the latter 
policy server from storing the changes in its database. 

Thus, there is at least one feature of Claim 1 1 that the cited portions of Shah fail to disclose. 
For at least the reasons discussed above, it is respectfully submitted that Claim 1 1 is patentable over 
Shah. 

Claims 12, 13, 15, and 16 depend firom Claim 1 1 and therefore include the features of Claim 
1 1 that are distinguished from Shah above. Therefore, for at least the reasons discussed above witti 
relation to Claim 11, it is respectfully submitted that Claims 12, 13, 15, and 16 are patentable over 
Shah. 
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Claims 2-4, 9, 14, 18-20, and 25 

Claims 2-4, 9, 14, 18-20, and 25 each depend from a claim that is distinguished from Shah 
above. By virtue of this dependence, there is at least one feature of each of Claims 2-4, 9, 14, 18-20, 
and 25 that Shah fails to disclose, teach, or suggest. Specifically, as discussed above. Shah fails to 
disclose anything about configuration dependencies or basing an order of security device 
configuration on such configuration dependencies. 

Rothermel also does not disclose, teach, or suggest these features that are missing from Shah. 
Indeed, the Office Action does not even allege that Rothermel discloses these features. The Office 
Action does not rely on Rothermel to disclose anything about configuration dependencies or the 
order in which security devices are configured. 

Thus, even if Shah and Rothermel were combined (assuming, arguendo, that one would have 
been motivated to combine Shah and Rothermel), even the combination would fail to teach or 
suggest the features that Claims 2-4, 9, 14, 18-20, and 25 inherit from the claims on which they 
depend. 

For at least the reasons discussed above, it is respectfiiUy submitted that Claims 2-4, 9, 14, 
18-20, and 25 are patentable over Shah and Rothermel, taken individually or in combination. 

CONCLUSION 

For the reasons set forth above, it is respectfiiUy submitted that all of the pending claims are 
in condition for allowance. Therefore, the issuance of a formal Notice of Allowance is believed next 
in order, and that action is most eamestly sohcited. 
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The Examiner is respectfully requested to contact the undersigned by telephone if it is 
believed that such contact would further the examination of the present application. 

If any applicable fee is missing or insufficient, throughout the pendency of this application, 
the Commissioner is hereby authorized to any applicable fees and to credit any overpayments to our 
Deposit Account No. 50-1302. 



Respectfully submitted. 



HICKMAN PALERMO TRUONG & BECKER LLP 



Dated: December / 5 2005 



Christian A. Nicholes 
Reg. No. 50,266 




2055 Gateway Place, Suite 550 
San Jose, CaUfomia 95 1 10-1089 
Telephone No.: (408) 414-1080 
Facsimile No.: (408)414-1076 
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